The FBI seized $2.3 million in August from a well-known affiliate of the REvil and GandCrab ransomware operations.
The agency seized 39.89138522 bitcoins, worth about $2.3 million at current prices, from an Exodus wallet on August 3, 2021.
Exodus is a desktop or mobile wallet that owners can use to store cryptocurrencies, including Bitcoin, Ethereum, Solana and many others.
The FBI did not disclose how it gained access to the wallet, other than that it is now in its hands, indicating that agents may have obtained the wallet's private key or password.
"United States files verified complaint against 39.89138522 Bitcoin seized from an Exodus wallet, now in custody and managed by the Federal Bureau of Investigation ("FBI") Dallas Division, One Justice Way, Dallas, Texas," reads the United States' complaint.
The complaint goes on to say that the wallet contained REvil ransom payments belonging to an affiliate identified as "Alexander Sikerin, a/k/a Alexander Sikerin, a/k/a Oleksandr Sikerin" by the email address "email@example.com."
While the FBI does not name the affiliate's nickname, the "engfog" in the email address is linked to a known GandCrab and REvil/Sodinokibi affiliate known as "Lalartu."
GandCrab and REvil operated as Ransomware-as-a-Service (RaaS) operations, in which the core operators collaborated with third-party hackers known as affiliates.
Under this arrangement, the core operators develop and maintain the encryption/decryption software, the payment gateway and the data leak sites, while affiliates are responsible for breaching corporate networks, stealing data and deploying the ransomware to encrypt devices.
Ransom payments are then split between the affiliates and the core operators, with operators generally taking 20-30% of the ransom and affiliates the rest.
As part of his research, security researcher Alon Gal tracked Lalartu under the pseudonyms "Engfog" and "Eng_Fog", which match the email address "firstname.lastname@example.org" mentioned in the FBI complaint.
In November, the Department of Justice announced that the FBI had seized $6 million in ransom payments paid to the REvil ransomware gang.
It is unknown at this time what he will do after leaving the post.
The ongoing law enforcement strategy to disrupt the financial and affiliate systems of ransomware operations is bearing fruit.
This activity has led to numerous arrests and infrastructure takedowns, such as:
- Netwalker ransomware shut down and an affiliate arrested in Canada.
- The arrest of two members of the Egregor operation, which led to its shutdown.
- The arrest of 12 people believed to be linked to ransomware attacks against 1,800 victims in 71 countries.
- The arrest of a Ukrainian national believed to be behind the Kaseya ransomware attack.
Arrests and infrastructure seizures have scared ransomware gangs into shutting down their operations, including REvil in October and BlackMatter in July.